Sanako Connect Security Statement

Last updated October 2, 2023

Sanako Connect is a cloud-based Software as a Service (SaaS) solution for language education. It is hosted on Heroku, a Platform as a Service (PaaS) built on top of AWS (Amazon Web Services). Our database provider MongoDB Atlas also uses AWS, and AWS is directly used as our file storage. Our live streaming features use Daily.co.

Sanako Connect is offered on two separate infrastructure instances: one in the USA for USA and North American customers and another server location for customers from Europe and other regions. There is no data transfer between geographical locations.

Our providers are fully responsible for the security of their own physical data centers, safeguards and security policies.

Sanako Ltd. is responsible for developing, updating, monitoring, operating, and securing the Sanako Connect cloud product.

Infrastructure

AWS manages secure data centers around the world that we or our service providers use for hosting Sanako Connect. Sanako Connect cloud services data is hosted in the USA or in the European Union, depending on the end customer's physical location.

For customers in the USA and North America, we offer to host the services and data in the United States.

For customers in Europe and other regions, we offer to host the Sanako Connect services and data in the European Union.

Certifications

Heroku regularly performs audits and maintains ISO and SOC compliance for the service we are using. They are ISO 27001, 27017, 27018, and SOC 1, 2, 3 certified. More information on Heroku’s compliance.

AWS is certified by third-party organizations and operates a number of compliance programmes to comply with applicable EU and USA laws and regulations. The list of AWS certifications and compliance statements can be found on their compliance website.

MongoDB is ISO/IEC 27001:2013 certified. More information on MongoDB’s compliance.

Daily.co is GDPR compliant and is certified for SOC 2 Type 2 and under the EU-US and Swiss-US Data Privacy Framework Program. More information on Daily.co’s security and compliance.

People and Access

Within Sanako Ltd., only a couple of trusted members of our development and management teams have access to the production environment for the purposes of maintaining our customer accounts and cloud services and assisting our customers. Additionally, our logging systems log all changes made to production environment settings or user management settings.

Customers are responsible for maintaining the security of their own login information and keeping their personal account usernames and passwords safe.

Data Storage and Retention

Data at rest is encrypted with AES-256 on MongoDB Atlas and Amazon S3. Additionally, all communications between the end user and our server, and our server and other services, are protected with HTTPS using TLS 1.2 or greater.

Data Deletion

Data will be scheduled for deletion at the end of the contract. There is a grace period of at least 30 days.

All data, including backups, is deleted within 6 months after the end of the contract.

Data Transfer

Data is not transferred outside the geographical regions in which Connect is hosted. This means that the data for the USA instance is not transferred outside the USA and that the data for the EU instance is not transferred outside the European Union.

Backup and Disaster Recovery

Data is backed up once per 24 hours. Backups are kept for 7 days and are used only for disaster recovery.

Privacy

Sanako understands the importance of ensuring the privacy of our customers’ data and personally identifiable information. We are fully committed to keeping your data and information secure and following industry best practices in cyber security. For more information on the Privacy Policy of the Sanako Connect product, please visit the Privacy Policy indicated by your geolocation:

For USA and North America: USA server’s Privacy Policy

For EU and other regions: EU server’s Privacy Policy